HashiCorp Vault in a Homelab: Secrets Without the Pain

Secrets management is the unglamorous foundation of any secure infrastructure. This post covers how I run Vault in my homelab and the patterns that make it practical to live with day-to-day.

Why Vault?

Every alternative I tried either leaked secrets into git, required a cloud dependency, or was too manual to survive a reboot. Vault with AppRole auth gives me a repeatable, auditable secret store that works with Terraform, Ansible, and Jenkins.

Key Patterns

  • Dynamic Secrets: Vault generates short-lived PostgreSQL credentials on demand.
  • AppRole per Service: Each service has its own AppRole with scoped policies.
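The two patterns above fit together as one policy, one database role and one AppRole per service. The script below is an added example, not the configuration from this post: the `database/` and `approle/` mount paths, the `homelab-pg` connection name, the TTLs, the `<service>-db` policy naming and the per-service PostgreSQL group role are all assumptions.

```shell
#!/usr/bin/env bash
# Added example: one AppRole + one read-only policy per service, each tied to
# its own short-lived PostgreSQL role. Mount paths, names and TTLs are assumed.

# Print the policy for one service: read on its own creds path, nothing else.
# Names are restricted to [a-z0-9-] so a stray "*" or "/" can never widen the path.
policy_for() {
  case "$1" in
    ""|*[!a-z0-9-]*) echo "invalid service name: $1" >&2; return 1 ;;
  esac
  printf 'path "database/creds/%s" {\n  capabilities = ["read"]\n}\n' "$1"
}

# Create the DB role, policy and AppRole for one service.
# Needs the vault CLI, VAULT_ADDR and an admin token. Assumes the database
# engine is mounted at database/ with a connection named "homelab-pg" whose
# allowed_roles includes this service, AppRole auth is enabled at approle/,
# and a PostgreSQL group role named after the service holds its grants.
provision() {
  local svc="$1" policy
  policy="$(policy_for "$svc")" || return 1

  # Dynamic secret: each read of database/creds/<svc> mints a login that expires.
  vault write "database/roles/${svc}" \
    db_name=homelab-pg \
    creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT \"${svc}\" TO \"{{name}}\";" \
    default_ttl=1h max_ttl=4h

  printf '%s\n' "$policy" | vault policy write "${svc}-db" -

  # AppRole scoped to that single policy, with short-lived tokens and SecretIDs.
  vault write "auth/approle/role/${svc}" \
    token_policies="${svc}-db" \
    token_ttl=20m token_max_ttl=1h \
    secret_id_ttl=24h secret_id_num_uses=10
}

# Runs only when service names are passed, e.g.: ./provision.sh grafana gitea
for svc in "$@"; do provision "$svc"; done
```

A service that logs in with its own AppRole can then read only `database/creds/<its-name>`; a read against another service's path is denied by policy.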